In this blog, we provide a snapshot of how Securin is helping schools gain resilience against cyberattacks and evolving threats, while highlighting what schools can do to stay safe from ransomware attacks.<\/b><\/em><\/p>\n Here are the results of an assessment that Securin conducted for a US state\u2019s educational department. <\/p>\n We investigated 188 district and charter schools for the state and scanned 1172 assets. Here is what we found: Among the 1172 assets discovered, there were 2221 findings with 519 unique vulnerabilities.<\/p>\n Weaponized Vulnerabilities<\/strong>: We also found that 374 vulnerabilities were weaponized and could be exploited by attackers to gain access to school systems and steal data.<\/p>\n Based on our AI and ML-based predictive analysis, Securin’s researchers warn that 78 (17%) of the existing vulnerabilities will most likely be exploited by malicious actors and must be remediated immediately.<\/p>\n \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 RCE\/PE Vulnerabilities<\/strong>: We identified and prioritized 33 RCE\/PE vulnerabilities that need to be immediately remediated, as they allow hackers to remotely execute malicious code. If left unchecked, data and access losses will be imminent.<\/p>\n Ransomware-Associated <\/strong>Vulnerabilities<\/b>: Three of the district schools have vulnerabilities with known ransomware exploitation instances:<\/p>\n CVE 2019-11043<\/a> is associated with NextCry ransomware<\/a>. This ransomware encrypts files on the NextCloud servers. This is a trending PHP CVE that has the maximum possibility of exploitation in schools and NAS devices. Our recommendation to schools was to upgrade to PHP version 7.3.11 and to remediate the vulnerability immediately.<\/p>\n<\/li>\n CVE-2021-34473<\/a> is associated with LockFile<\/a>, BlackByte, and Conti<\/a> ransomware groups. Our research also shows that the Conti and LockFile groups are actively being deployed by APT groups, such as Wizard Spider, Exotic Lily, and DEV-0401 to attack prominent organizations.<\/p>\n<\/li>\n CVE-2018-19943<\/a>, a command injection vulnerability, and CVE-2018-19949<\/a> are associated with eCh0raix ransomware.<\/p>\n<\/li>\n<\/ul>\n Vulnerabilities on CISA’s KEV List<\/strong>: 374 of the discovered vulnerabilities are on the CISA-KEV<\/a> list, which is a list of vulnerabilities with known instances of exploitation.<\/p>\n Vulnerability Aging<\/strong>: 22% of the vulnerabilities could potentially be present in systems since 2001 (based on the vulnerability age). This extremely dangerous as there are many attack methodologies readily available, which would have been refined over the years. Interestingly, 45% of the exploits have cropped up in the last six years.<\/p>\n As a result of Securin\u2019s asset scan and exposure prioritization, 30 out of 74 schools performed remediation<\/strong> on open weaponized vulnerabilities and improved their security posture.<\/p>\n A cyberattack can result from multiple exposures introduced into organizational attack surfaces. However, these can easily be discovered if you know how to search. Let us look at some of the possible attack methods utilized in recent years.<\/p>\n Unpatched Vulnerabilities<\/strong>: The Pysa and Sabbath ransomware groups were among those that exploited unpatched vulnerabilities in school networks to seize their systems.<\/p>\n<\/li>\n Connected Devices<\/strong>: Malicious actors take advantage of connected devices to deploy botnets and malware and stealthily invade networks.<\/p>\n Devices were exposed to an SSH server targeted<\/a> by FritzFrog in a P2P botnet attack.<\/p>\n<\/li>\n The APT group, Sparkling Goblin, adopted a new backdoor technique called SideWalk to penetrate<\/a> cybersecurity defenses of multiple targets, including educational institutions.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n Exposures in Third-Party Software<\/strong>: This is probably one of the most overlooked dangers that can compromise school networks. A vulnerability in a third-party application used by schools can lead to educational institutions being caught unawares when exploited. Here are a few examples of how these can be used against organizations.<\/p>\n CVE-2022-1609<\/a>, a critical vulnerability was observed <\/a>in School Management Pro, a WordPress plugin with over 3,40,000 customers\u2014exploitation of which could allow complete control of school websites.<\/p>\n<\/li>\n A breach<\/a> of Illuminate\u2019s eduCLIMBER, an academic progress monitoring tool, exposed the personal data of 1700 students. Earlier, the New York City Department of Education was also impacted<\/a> by the breach exposing data of 820,000 current and former students and was touted to be the single-largest data breach of student data.<\/p>\n<\/li>\n Approximately 30,000 WordPress-hosted university websites in Ukraine were hacked<\/a> as part of the Russian-Ukrainian war; nearly 100,000 attacks in 24 hours.<\/p>\n<\/li>\n A ransomware attack<\/a> on a leading school website services provider disrupted servers and the regular functioning of thousands of schools using the SaaS provider.<\/p>\n<\/li>\n Critical zero-day vulnerabilities<\/a> were found in Fedena, a now-abandoned software used for school management.<\/p>\n<\/li>\n Personal information of around 500,00 students and 60,000 staff in Chicago Public Schools was stolen in a ransomware attack<\/a> on the K-12 technology vendor, Battelle for Kids.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n Exposures Introduced by Misconfigurations<\/strong>: Mistakes while configuring assets or network-related parameters can be costly, as some schools found out when their databases were compromised.<\/p>\n Misconfigured certificates in eduroam, a free Wi-Fi network used by many universities, exposed <\/a>the credentials of multiple users.<\/p>\n<\/li>\n<\/ul>\n<\/li>\nHow Securin is Helping a US State School District Improve Its Security Posture<\/h2>\n
\n![\"\"](\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/blogs\/schools\/image-1.png\")
<\/p>\n![\"\"](\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/blogs\/schools\/image-2.png\")
<\/p>\n\n
Four Overlooked Exposures That Schools Should Look For<\/h2>\n
\n
\n
\n
\n
![](\"https:\/\/lh4.googleusercontent.com\/5hk95YdCy6i0UwJ_aqHtahfEnUm25QGFuT3-rdS4rLzGCu108Q_wpMFoh6lLKFR7hyUTTQ2LGhHeS2t68TJ5TKGfVXGOYhNAVriWDtSXz-p1Z6VYk4MqQOTwk02MO1Vf30ChSVrwAfhturICyQ\")
<\/p>\n